Tutorial – Payload Development

A big part of our effort with Veil is to provide a framework for the community to integrate their own AV-evasion methods, public or private. With that said, we wanted to provide a tutorial on the general payload development process for Veil.

We’ve provided a payload template at ./modules/payloads/template.py:

The top of each module contains a comment string detailing the workings of the module, any references/prior work the module uses or was based on, and the author who wrote the module.

Imports of common Veil modules come next, using the syntax from modules.common import MODULE, where MODULE is any of the Python files contained in ./modules/common/*. The methods of these modules are then called with module.method() syntax. The following is a breakdown of some of the common modules/methods payloads can take advantage of:

self.required_options: payload options that require a value, in the format {option_name: [“default_value”, “description”], …}. A commonly used instance of this is the “compile_to_exe” option, which instructs Veil to automatically compile the payload. Note: if no default value is supplied, Veil will require the user to input a value before payload generation.

The generate() method is “where the magic happens”. Shellcode can be generated by Veil’s internal functionality by calling the internal shellcode object with the syntax Shellcode = self.shellcode.generate(), as on line 42 of the template. Line 48 shows how to use a method in helpers to get a randomized string. Lines 51 and 52 demonstrate how to take advantage of the appropriate source code encrypters. Finally, the resulting source code is returned so it can be processed by Veil.

Once you write your own payload module, drop it into the appropriate location in the ./modules/payloads/* folder and it will automatically load into the Veil framework. The general structure is [language]/[method]/[payload]. “Method” at this point consists of “meterpreter” for Meterpreter stagers and “shellcode_inject” for the various shellcode injection methods.
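The two framework-side mechanisms described above, auto-discovery of modules from the [language]/[method]/[payload] layout and resolution of self.required_options (defaults kept, empty defaults prompted for), are shown in the following added example. It is illustrative code written for this page, not Veil’s own loader: the directory walk, the importlib-based loading, the Payload class name and the ask() callback are all assumptions, and the two sample modules it writes into a temporary directory are constructed stand-ins whose generate() bodies return marker strings rather than any payload source.

```python
import importlib.util
import os
import tempfile

# Constructed sample modules laid out as [language]/[method]/[payload].py.
# Hypothetical stand-ins for this example, not modules from the Veil project.
SAMPLE_MODULES = {
    "python/shellcode_inject/demo_a.py": '''
class Payload:
    def __init__(self):
        self.description = "constructed demo module A"
        self.required_options = {
            "compile_to_exe": ["Y", "Compile the generated source to an executable"],
            "expire_payload": ["X", "Constructed option with a default"],
        }
    def generate(self):
        return "source-from-demo_a"   # marker string, not real source
''',
    "c/meterpreter/demo_b.py": '''
class Payload:
    def __init__(self):
        self.description = "constructed demo module B"
        self.required_options = {
            "LHOST": ["", "Handler IP address (no default: user must supply it)"],
            "LPORT": ["4444", "Handler port"],
        }
    def generate(self):
        return "source-from-demo_b"   # marker string, not real source
''',
}


def write_sample_tree(root):
    """Materialise the constructed modules under root so the walk below has input."""
    for rel, src in SAMPLE_MODULES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(src)


def discover_payloads(root):
    """Return {"language/method/payload": file_path} for every .py file that sits
    exactly three levels deep, i.e. follows the [language]/[method]/[payload] layout.
    Files elsewhere (a template at the top level, helpers, __init__.py) are ignored."""
    found = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(".py") or name.startswith("_"):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            parts = rel.split(os.sep)
            if len(parts) != 3:
                continue
            key = "/".join(parts[:2] + [parts[2][:-3]])  # strip ".py"
            found[key] = os.path.join(dirpath, name)
    return found


def load_payload(key, path):
    """Import one module file by path and instantiate its Payload class (assumed name)."""
    spec = importlib.util.spec_from_file_location("payload_" + key.replace("/", "_"), path)
    mod = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(mod)
    return mod.Payload()


def resolve_options(required_options, ask):
    """Turn {name: [default, description]} into {name: value}.  A non-empty default
    is kept; an empty default means the value must come from ask(name, description),
    and a missing answer is an error rather than a silently empty option."""
    resolved = {}
    for name, (default, description) in required_options.items():
        if default:
            resolved[name] = default
            continue
        value = ask(name, description)
        if not value:
            raise ValueError(f"option {name!r} has no default and no value was supplied")
        resolved[name] = value
    return resolved


def build(root, key, ask):
    """Discover, load and generate one payload module; returns (options, source)."""
    payload = load_payload(key, discover_payloads(root)[key])
    options = resolve_options(payload.required_options, ask)
    return options, payload.generate()


def demo():
    with tempfile.TemporaryDirectory() as root:
        write_sample_tree(root)
        keys = sorted(discover_payloads(root))
        answers = {"LHOST": "192.0.2.10"}  # constructed answer from a documentation range
        options, source = build(root, "c/meterpreter/demo_b", lambda n, d: answers.get(n, ""))
        return keys, options, source


if __name__ == "__main__":
    print(demo())
```

The discovery key doubles as the menu name a user would pick from, and resolve_options() is where the “no default means the user must supply it” rule from the options description is enforced; keeping that check in one place means a module author only has to declare the dict.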